[Git][security-tracker-team/security-tracker][master] gimp DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 3 21:59:36 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8757584 by Moritz Mühlenhoff at 2026-03-03T22:59:05+01:00
gimp DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3452,6 +3452,7 @@ CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution V
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117 (GIMP_3_0_8)
 CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Executio ...)
 	- gimp 3.2.0~RC3-1 (bug #1128605)
+	[trixie] - gimp 3.0.4-3+deb13u7
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-120/
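Review bot: CVE-2026-2047 gets `[trixie] - gimp 3.0.4-3+deb13u7` here, the same version DSA-6156-1 ships for trixie, but the CVE is not in that DSA's CVE set in data/DSA/list. If the trixie upload fixes it as part of the DSA, consider adding CVE-2026-2047 to the braces there so the advisory cross-reference appears on the CVE. If leaving it out is deliberate, a short NOTE line under this entry would record why the fix is tracked by hand.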


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[03 Mar 2026] DSA-6156-1 gimp - security update
+	{CVE-2026-0797 CVE-2026-2044 CVE-2026-2045 CVE-2026-2048}
+	[bookworm] - gimp 2.10.34-1+deb12u9
+	[trixie] - gimp 3.0.4-3+deb13u7
 [03 Mar 2026] DSA-6155-1 spip - security update
 	{CVE-2026-22205 CVE-2026-22206 CVE-2026-26223 CVE-2026-26345 CVE-2026-27472 CVE-2026-27473 CVE-2026-27474 CVE-2026-27475}
 	[trixie] - spip 4.4.11+dfsg-0+deb13u1
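Review bot: the CVE set on the DSA-6156-1 line is paired with both a `[bookworm]` and a `[trixie]` version, so it reads as a bookworm fix in 2.10.34-1+deb12u9 for each of the four CVEs. None of their per-release lines are visible in this commit, so it is worth confirming that CVE-2026-0797, CVE-2026-2044, CVE-2026-2045 and CVE-2026-2048 do not carry a `[bookworm] - gimp <not-affected>` line like the one on CVE-2026-2047, which would contradict the bookworm version listed here.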


=====================================
data/dsa-needed.txt
=====================================
@@ -26,8 +26,6 @@ frr
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-gimp (jmm)
---
 git-lfs
 --
 imagemagick



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8757584e88d9e1ffb7ce723df8a4c6d39caf310
